Lucene search
K

242 matches found

EUVD
EUVD
added 2026/03/13 9:31 p.m.6 views

EUVD-2026-11744

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/13 9:25 p.m.5 views

EUVD-2026-12177

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts i...

4.2CVSS6AI score0.00388EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/13 1:18 a.m.4 views

CVE-2026-22193 wpDiscuz before 7.6.47 - SQL Injection in getAllSubscriptions()

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/13 1:18 a.m.6 views

CVE-2026-22193

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References4
CVE
CVE
added 2026/03/13 1:18 a.m.21 views

CVE-2026-22193

wpDiscuz plugin (before version 7.6.47) contains an SQL injection in getAllSubscriptions caused by improper quote escaping for parameters email, activation_key, subscription_date, and imported_from. This allows altering queries and potentially exfiltrating sensitive data. CVSS metrics indicate hi...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.8 views

PT-2026-25139

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation key, subscription date, and imported from parameters to manipulat...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/12 10:12 p.m.7 views

Bug-Fixes in `libcrux-ecdh`, `libcrux-ed25519`, `libcrux-psq`

In accordance with our security policy for libcrux, we publish a GitHub security advisory for any releases whose CHANGELOG includes bug-fixes, and encourage our users to upgrade. The latest releases of the libcrux-ecdh, libcrux-ed25519 and libcrux-psq crates contain the following bug-fixes:...

5.5AI score
Exploits0References12Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/02/06 8:24 p.m.4 views

CVE-2026-25632

EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field...

10CVSS5.7AI score0.00657EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/03 12:0 a.m.4 views

CVE-2025-69983

FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

8.2CVSS5.8AI score0.00416EPSS
Exploits0References3
OSV
OSV
added 2026/01/26 12:0 p.m.6 views

RUSTSEC-2026-0024 Incorrect X25519 clamping check rejects all secrets on import

The latest releases of the libcrux-psq crate contains the following bug-fix: 1301: Fix broken clamping check for imported X25519 secret keys...

5.5AI score
Exploits0References3
RustSec
RustSec
added 2026/01/26 12:0 p.m.7 views

Incorrect X25519 clamping check rejects all secrets on import

The latest releases of the libcrux-psq crate contains the following bug-fix: 1301: Fix broken clamping check for imported X25519 secret keys...

5.3AI score
Exploits0Affected Software1
CVE
CVE
added 2026/01/15 6:33 p.m.12 views

CVE-2025-13845

CVE-2025-13845 affects Schneider Electric EcoStruxure Power Build Rapsody. The Red Hat/NVD entries and Schneider Electric communications describe a CWE-416 Use After Free vulnerability (also noted as a Double Free in some sources) that could allow remote code execution when an end user imports a ...

8.4CVSS7.8AI score0.00306EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/01/15 6:28 p.m.5 views

EUVD-2026-2720

CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file SSD file shared by the attacker into Rapsody...

8.4CVSS6.5AI score0.00138EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:51 a.m.8 views

CVE-2020-10616

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts...

8.8CVSS7.3AI score0.01746EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.5 views

WordPress plugin FlexTable 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

3.5CVSS5.8AI score0.00154EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.7 views

CVE-2023-53916

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

5.1CVSS6.1AI score0.00272EPSS
Exploits1References1
NVD
NVD
added 2025/12/17 11:15 p.m.7 views

CVE-2023-53916

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

5.1CVSS0.00272EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/17 10:44 p.m.18 views

CVE-2023-53916 Zenphoto 1.6 Stored Cross-Site Scripting via User Postal Code Field

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

5.1CVSS0.00272EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/17 10:44 p.m.4 views

CVE-2023-53916 Zenphoto 1.6 Stored Cross-Site Scripting via User Postal Code Field

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

5.1CVSS5.8AI score0.00272EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/12/17 12:25 a.m.3 views

SUSE CVE-2025-68189

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix GEM free for imported dma-bufs Imported dma-bufs also have obj-resv != &obj-resv. So we should check both this condition in addition to flags for handling the NOSHARE case. Fixes this splat that was reported with IRI...

6.5AI score0.00155EPSS
Exploits0References3
Rows per page
Query Builder